2

I am trying to run remote debugging on a Java applet, but cannot get the applet to connect to the debugger (Eclipse) nor will it suspend. During startup, I get the following:

...
    Match: digesting vmargs: -Djava.compiler=NONE -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y
    Match: digested vmargs: [JVMParameters: isSecure: false, args: -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y -Djava.compiler=NONE]
    Match: JVM args after accumulation: [JVMParameters: isSecure: false, args: -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y -Djava.compiler=NONE]
    Match: digest LaunchDesc: null
    Match: digest properties: [-Dsun.java2d.noddraw=true]
    Match: JVM args: [JVMParameters: isSecure: false, args: -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y -Djava.compiler=NONE -Dsun.java2d.noddraw=true]
    Match: endTraversal ..
    Match: JVM args final: -Xmx1g -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y -Xms512m -Djava.compiler=NONE -Dsun.java2d.noddraw=true
    Match: Running JREInfo Version    match: 1.7.0.15 == 1.7.0.15
     Match: Running JVM args match the secure subset: have:<-Xmx1g -Xdebug -Xms512m -Dsun.java2d.noddraw=true>  satisfy want:<-Xmx1g -Xdebug -Xrunjdwp:transport=dt_socket,address=8088,server=y,suspend=y -Xms512m -Djava.compiler=NONE -Dsun.java2d.noddraw=true>
...

I am assuming that the last line is the reason why the applet is not debugging properly, but I can find no documentation on what this line means (or how to make my -Xrunjdwp command be "secure"). Does anyone know where to find documentation on this?

Phoebe
  • 2,774
  • 3
  • 22
  • 27
  • Is that `-Xrunjdwp` set in the Java Control Panel or in the web page? – Tom Hawtin - tackline Feb 22 '13 at 15:56
  • It is in the JNLP file that launches the applet. I have tried adding it via the Java Control Panel, but AFAICT, all of the JVM arguments provided to the control panel are ignored. – Phoebe Feb 22 '13 at 21:32
  • As the comment cited by @Sebastian, allowing untrusted parties to set various JVM parameters (including `-Xrunjdwp`) would cause vulnerabilities. (I guess if you allowed connection from the outside would to the debugging interface, the security manager could easily be cleared, for instance.) – Tom Hawtin - tackline Feb 22 '13 at 22:04

1 Answers1

1

The comment in the sources of the class that is responsible for the output indicate that -Xrunjdwp is not a problem:

// 2. Trusted command-line arguments. These come from
//    deployment.properties and are specified by the end user via the
//    Java Control Panel. It is important that such command-line
//    arguments do not affect the "secure" state of the target JVM.
//    For example, the user needs to be able to specify -Xdebug
//    -Xrunjdwp[...] via the Java Control Panel to enable debugging
//    of applets on the client machine without affecting the ability
//    of the target JVM to run unsigned applets. We consider trusted
//    command-line arguments in the satisfies() computation.

So although the sources should be a good 'documentation' for this, from a quick look, I don't see why this should not work.

Sebastian
  • 7,729
  • 2
  • 37
  • 69